Migrate from pip/setup.py to uv for dependency management #5913
suhaibmujahid merged 9 commits into mozilla:master
Pull request overview
Migrates the project from pip/setup.py/requirements files to uv + pyproject.toml (Hatchling) to improve onboarding and lock dependency resolution (Resolves #5022).
Changes:
- Replaces root packaging with `pyproject.toml` (Hatchling), moving dependencies/extras/scripts and removing `setup.py`/`MANIFEST.in`/requirements files.
- Updates Taskcluster, Dockerfiles, and docs to install/sync dependencies via `uv` and use `uv.lock`.
- Migrates `http_service` to its own `pyproject.toml` + `uv.lock` and adjusts compose/Docker build contexts accordingly.
Reviewed changes
Copilot reviewed 22 out of 26 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| test-requirements.txt | Removes legacy test requirements file (moved into pyproject.toml dependency groups). |
| requirements.txt | Removes legacy runtime requirements file (moved into pyproject.toml). |
| setup.py | Removes legacy setuptools packaging (replaced by Hatchling in pyproject.toml). |
| MANIFEST.in | Removes legacy manifest handling (replaced by Hatch build config). |
| pyproject.toml | Adds Hatchling project metadata, dependencies, optional deps, dependency groups, and scripts. |
| README.md | Updates setup instructions to uv sync and documents dependency groups/extras + Python version. |
| scripts/integration_test.sh | Switches http_service install step from pip install to uv sync. |
| infra/spawn_pipeline_requirements.txt | Removes legacy spawn pipeline requirements file (moved into dependency group). |
| infra/dockerfile.base | Uses uv for dependency sync/install during image build. |
| infra/dockerfile.base-nlp | Uses uv + --extra nlp to provision NLP base image deps. |
| infra/dockerfile.spawn_pipeline | Uses uv + --only-group spawn-pipeline to provision spawn pipeline deps. |
| http_service/setup.py | Removes legacy setuptools packaging for http_service. |
| http_service/requirements.txt | Removes legacy http_service requirements file (moved into http_service/pyproject.toml). |
| http_service/pyproject.toml | Adds Hatchling-based packaging + deps + local source reference to bugbug. |
| http_service/MANIFEST.in | Removes legacy manifest rule for templates. |
| http_service/Dockerfile | Switches build/install flow from pip to uv, uses http_service lockfile. |
| http_service/Dockerfile.bg_worker | Switches build/install flow from pip to uv, uses http_service lockfile. |
| http_service/docker-compose.yml | Updates build context/dockerfile paths to reflect root context + new Dockerfile locations. |
| extra-nlp-requirements.txt | Removes legacy NLP extra requirements file (moved into optional deps). |
| docker-compose.yml | Updates service build contexts/dockerfiles to root context (needed for bind mounts + lockfiles). |
| .taskcluster.yml | Migrates CI jobs from pip installs to uv sync/uv run; removes MCP test task. |
| .pre-commit-config.yaml | Removes requirements-txt-fixer hook (requirements files removed). |
| .github/dependabot.yml | Moves root Python updates from pip to uv and expands directories. |
Comments suppressed due to low confidence (1)
.taskcluster.yml:262
- The release dependency list no longer includes the MCP tests task, even though `services/mcp/` has its own test suite. This means MCP tests can regress without being caught by the required CI gate. Consider re-adding the MCP test task (or an equivalent check) to the release dependency chain.

```yaml
- dependencies:
    - { $eval: as_slugid("lint_task") }
    - { $eval: as_slugid("tests_task") }
    - { $eval: as_slugid("http_tests_task") }
    - { $eval: as_slugid("frontend_build") }
    - { $eval: as_slugid("packaging_test_task") }
    - { $eval: as_slugid("version_check_task") }
    - { $eval: as_slugid("integration_test") }
```
5b457c3 to d5737cf
Pull request overview
Copilot reviewed 24 out of 27 changed files in this pull request and generated 7 comments.
Comments suppressed due to low confidence (1)
.taskcluster.yml:261
- The `mcp_tests_task` was removed from the Taskcluster config, but `services/mcp/` (including `tests/`) still exists in the repo. This looks unrelated to the stated goal of migrating to `uv` and reduces CI coverage for the MCP service. Please either restore an equivalent MCP test task using `uv` or document/justify why MCP tests are no longer required.

```yaml
- $if: 'tasks_for == "github-push" && head_branch[:10] == "refs/tags/"'
  then:
    $mergeDeep:
      - { $eval: default_task_definition }
      - dependencies:
          - { $eval: as_slugid("lint_task") }
          - { $eval: as_slugid("tests_task") }
          - { $eval: as_slugid("http_tests_task") }
          - { $eval: as_slugid("frontend_build") }
          - { $eval: as_slugid("packaging_test_task") }
          - { $eval: as_slugid("version_check_task") }
          - { $eval: as_slugid("integration_test") }
```
.github/dependabot.yml
Outdated
| - "/" | ||
| - "/services/mcp" | ||
| - "/services/reviewhelper-api" |
Is there a way to just find all files in any directory, so we don't have to specify and remember to add/remove them when necessary?
We could use `/services/*`. I will do that.
| import shelve | ||
| import shutil | ||
| import struct | ||
| import tomllib |
Why was the change in this file necessary?
Because the project's requires-python changed from >=3.10 (in the old setup.py) to >=3.12 (in the new pyproject.toml).
tomllib was added to the stdlib in Python 3.11. With the old >=3.10 constraint, ruff/isort treated it as a third-party import (since it did not exist in 3.10). With >=3.12, ruff knows it's always stdlib, so it expects it sorted with the other stdlib imports.
| "flask-cors==6.0.2", | ||
| "gunicorn==25.1.0", | ||
| "kombu==5.6.2", | ||
| "marshmallow>=3.18.0", |
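Review bot: `"marshmallow>=3.18.0"` on the last line is an open-ended range in a list where the neighbouring entries are exact `==` pins. If the range is intentional, state the upper bound it is meant to satisfy (the thread cites `<4.0.0` from dataclasses-json) or add a comment explaining it, so the constraint is visible in this file and not only in `uv.lock`.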
We had a non-obvious conflict — pip was only warning about it rather than failing. The chain was: langchain-community==0.4.1 → dataclasses-json==0.6.7 → marshmallow>=3.18.0,<4.0.0. uv's strict resolver caught this transitive conflict that pip silently ignored.
I'll file a follow-up issue to remove langchain-community, as I don't think it's actually needed.
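The transitive chain described in this reply, as an added example (not code from the PR, pip or uv): a stdlib-only checker that walks constructed package metadata and reports a direct pin that violates a constraint introduced further down the chain. The direct `marshmallow==4.0.0` pin is an assumed value for illustration, and version comparison covers plain numeric releases only, not full PEP 440.

```python
import re

# Constructed metadata. The chain is the one quoted in the thread; the direct
# marshmallow pin in DIRECT_PINNED is an ASSUMED value chosen to show a conflict.
REQUIRES = {
    ("langchain-community", "0.4.1"): ["dataclasses-json==0.6.7"],
    ("dataclasses-json", "0.6.7"): ["marshmallow>=3.18.0,<4.0.0"],
}
DIRECT_PINNED = ["langchain-community==0.4.1", "marshmallow==4.0.0"]
DIRECT_RANGED = ["langchain-community==0.4.1", "marshmallow>=3.18.0"]

OPS = {"==": lambda a, b: a == b, ">=": lambda a, b: a >= b,
       "<=": lambda a, b: a <= b, ">": lambda a, b: a > b,
       "<": lambda a, b: a < b}


def parse(req):
    """Split 'name>=1.0,<2.0' into ('name', '>=1.0,<2.0')."""
    name, spec = re.fullmatch(r"([A-Za-z0-9_.-]+?)([<>=].*)", req).groups()
    return name.lower(), spec


def _release(version):
    """Numeric release segments only; this is not a full PEP 440 parser."""
    return tuple(int(part) for part in version.split("."))


def satisfies(version, spec):
    clauses = (re.fullmatch(r"(==|>=|<=|>|<)(.+)", c.strip()).groups()
               for c in spec.split(","))
    return all(OPS[op](_release(version), _release(v)) for op, v in clauses)


def find_conflicts(direct, requires=REQUIRES):
    """Return (package, pinned, violated_spec, chain) for each broken pin."""
    pins = {n: s[2:] for n, s in map(parse, direct) if s.startswith("==")}
    conflicts, seen, queue = [], set(), [(r, ()) for r in direct]
    while queue:
        req, chain = queue.pop(0)
        name, spec = parse(req)
        if name not in pins:
            if not spec.startswith("=="):
                continue  # open range and nothing pinned: resolver may choose
            pins[name] = spec[2:]
        elif not satisfies(pins[name], spec):
            conflicts.append((name, pins[name], spec, chain))
            continue
        if (name, pins[name]) not in seen:
            seen.add((name, pins[name]))
            step = f"{name}=={pins[name]}"
            queue += [(c, chain + (step,)) for c in requires.get((name, pins[name]), [])]
    return conflicts
```

`find_conflicts(DIRECT_PINNED)` returns the violated specifier together with the chain that introduced it; `find_conflicts(DIRECT_RANGED)` returns an empty list.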
.taskcluster.yml
Outdated
Instead of installing uv in tasks, we could use an image with uv here
I was hesitant to do that, but it is a good idea. I will do that.
Resolves #5022